Audit history

spec-kit-claude-code-workflow - 6 audits

Audit version 6

Latest: Safe

Jun 28, 2026, 03:57 AM

Static analysis reported six possible issues, but all reviewed locations are prose in SKILL.md. No executable code, network activity, system reconnaissance, weak cryptography use, data exfiltration, or prompt injection attempt was found.

Files scanned: 1
Lines analyzed: 184
Review items: 3
False positives ignored: 0

Confirmed security concerns (3)

Low
False Positive: Weak Cryptography Pattern
The static hits occur in descriptive workflow text, not in cryptographic code. Line 7 describes the skill, and line 45 discusses folder-specific rule overrides.
The referenced lines contain natural-language documentation only. I found no algorithm names, crypto libraries, key handling, or encryption implementation.
Low
False Positive: System Reconnaissance Pattern
The static hits refer to rapid prototyping and rapid specification changes. They do not instruct collection of host, user, process, or environment information.
Both locations are workflow guidance sentences. I found no command usage, filesystem probing, environment access, or inventory collection.
Low
False Positive: Network Reconnaissance Pattern
The static hits discuss feedback mechanisms and workflow monitoring. They do not contain network scanning, connection testing, or external endpoint access.
The relevant text is conceptual process guidance. I found no URLs, sockets, port scans, ping commands, or network libraries.
Auditor: codex

Audit version 5

Safe

Jan 16, 2026, 03:50 PM

Pure documentation skill containing only YAML frontmatter and markdown guidance for development workflow. No executable code, scripts, network calls, filesystem access, or command execution capabilities. All 15 static findings are false positives from pattern-matching on benign documentation text.

Files scanned: 2
Lines analyzed: 361
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude

Audit version 4

Safe

Jan 16, 2026, 03:50 PM

Pure documentation skill containing only YAML frontmatter and markdown guidance for development workflow. No executable code, scripts, network calls, filesystem access, or command execution capabilities. All 15 static findings are false positives from pattern-matching on benign documentation text.

Files scanned: 2
Lines analyzed: 361
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude

Audit version 3

Safe

Jan 10, 2026, 09:51 AM

Pure documentation skill with no executable code. Contains only YAML frontmatter and markdown guidance for development workflow. No scripts, network calls, filesystem access, or command execution capabilities.

Files scanned: 1
Lines analyzed: 184
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude

Audit version 2

Safe

Jan 10, 2026, 09:51 AM

Pure documentation skill with no executable code. Contains only YAML frontmatter and markdown guidance for development workflow. No scripts, network calls, filesystem access, or command execution capabilities.

Files scanned: 1
Lines analyzed: 184
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude

Audit version 1

Safe

Jan 10, 2026, 09:51 AM

Pure documentation skill with no executable code. Contains only YAML frontmatter and markdown guidance for development workflow. No scripts, network calls, filesystem access, or command execution capabilities.

Files scanned: 1
Lines analyzed: 184
Review items: 0
False positives ignored: 0
No security issues found
Auditor: claude